
List:       turbine-user
Subject:    Antwort: Active Directory Authentication
From:       "Georg Kallidis" <georg.kallidis () cedis ! fu-berlin ! de>
Date:       2013-08-26 13:40:59
Message-ID: OF7AE7FD36.0057426A-ONC1257BD3.0048BA7E-C1257BD3.004B26E5 () cedis ! fu-berlin ! de

Hi Michele,

I am not an AD specialist, but did you try using class LDAPUser instead
of ActiveDirectoryUser? The only difference is that ActiveDirectoryUser
has as its binding using

	CN= givenName lastName,..,

while the other just uses (configurable attribute name)
CN=username, .. .

where username is probably sAMAccountName (change configuration in
TurbineResources.properties to
services.SecurityService.user.class=org.apache.turbine.services.security.ldap.LDAPUser
 ) ?

-Best regards, Georg



  From:       "Rabanal, Michele R." <michele.rabanal@nscorp.com>
  To:         "user@turbine.apache.org" <user@turbine.apache.org>
  Date:       26.08.2013 13:36
  Subject:    Active Directory Authentication






I am trying to change my Turbine 2.3.3 application (running under
Tomcat) to use AD for authentication.  I understand that this is a
2-step process:
1) search by username (I use SAMAccount)
2) Bind or authenticate using the DN and password.

The search by SAMAccount  is successful (I can verify this in trace
data), but the authentication by DN is not.  What appears to be
happening is that Turbine is building the CN from the first and last
names on the AD record.  In AD it appears that the CN varies, it could
be first name/last name, first name/last name/middle initial, etc.  My
question, why doesn't Turbine pull the CN off the AD record for the user
object instead of building it from first/last name?  Is there any way to
make this work?

Thanks!
Michele
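
The two-step flow described in the question, written so that step 2 binds with the DN the search returned rather than a CN assembled from name fields. This is an added example, not Turbine's code and not from either poster; the class name, URL, base DN and the service account used for the search are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class AdSearchThenBind {
    // Placeholders (assumptions): replace with your own directory settings.
    static final String URL = "ldaps://dc.example.com:636";
    static final String BASE = "DC=example,DC=com";

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // throws AuthenticationException on bad credentials
    }

    /** Returns the user's DN on success; throws NamingException on any failure. */
    static String authenticate(String svcDn, String svcPw, String username, String password)
            throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind and may
        // succeed on the server, so reject it before contacting the directory.
        if (password == null || password.isEmpty()) {
            throw new AuthenticationException("empty password");
        }
        String userDn;
        DirContext svc = bind(svcDn, svcPw); // step 1 runs as the search account
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // only the DN is needed
            // {0} is filled in with LDAP filter escaping, so the username cannot alter the filter.
            NamingEnumeration<SearchResult> hits = svc.search(BASE,
                    "(&(objectClass=user)(sAMAccountName={0}))", new Object[] { username }, sc);
            if (!hits.hasMore()) {
                throw new AuthenticationException("unknown user");
            }
            // DN exactly as stored in AD, whatever form its CN takes.
            userDn = hits.next().getNameInNamespace();
            hits.close();
        } finally {
            svc.close();
        }
        bind(userDn, password).close(); // step 2: bind as the user with the DN from step 1
        return userDn;
    }
}
```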



